Security protocols involving software code signing schemes are typically used to ensure the reliability of software applications that are downloaded from the Internet or other sources for execution on a computing device. The computing device may be, for example, a mobile device.
A code signing system may be implemented on a computing device to control access to certain resources on the computing device by a software application. In one example system, there is provided on the computing device an application platform, one or more application programming interfaces (APIs), and a virtual machine. The APIs are configured to link software applications with the application platform, and more specifically, to allow software applications to make function calls to or otherwise interact with resources made generally accessible to software applications on the computing device.
However, some of the APIs may be classified as “sensitive” by entities that wish to restrict access to those APIs or to the particular resources associated with those APIs. In the example system, the virtual machine is adapted to verify the authenticity of a digital signature appended to an application requiring access to a sensitive API before access to the sensitive API is granted. Accordingly, in order for an application to be granted access to the sensitive API, an appropriate signing authority must first digitally sign the application.